Since May last year, hackers from Russia, allegedly associated with the Sandworm group, have been spotted in the system of the Kyivstar operator.
The head of Ukrainian cyber intelligence, Ilya Vityuk, told Reuters As noted, if someone helped the hackers from the inside, he did not have a high level of access, because programs were also used to steal passwords. Details are still being worked out.
The Sandworm group, linked to the Russian GRU, is behind the attack, Ukraine believes. “We can say with confidence that they have been in the system since at least May 2023.
The attack destroyed “almost everything,” including thousands of virtual servers and PCs. Cyber intelligence calls this perhaps the first cyberattack to “completely destroy the core of a telecom operator.”
The hack did not have a big impact on the Ukrainian army, cyber intelligence says, because it uses “different algorithms and protocols.”
“This attack is a big message, a big warning not only for Ukraine, but also for the entire Western world, so that it understands that no one is truly untouchable,” Vityuk said and emphasized that Kyivstar had previously invested a lot in its own cyber security .
As OBOZ.UA previously reported, hackers are sending letters allegedly from the Kyivstar operator and the Security Service of Ukraine with malicious software. The subject of the letters is “debt under the Kyivstar agreement.” An attachment is also sent in the form of an archive “Subscriber Debt.zip”.
